This cheatsheet is primarily focused on how to use TLS to protect clients connecting to a web application over HTTPS although much of the guidance is also applicable to other uses of TLS. TLS is used by many other protocols to provide encryption and integrity, and can be used in a number of different ways. Authentication - allowing the client to verify that they are connected to the real server (note that the identity of the client is not verified unless client certificates are used).Replay prevention - protection against an attacker replaying requests against the server.Integrity - protection against an attacker modifying traffic.Confidentiality - protection against an attacker from reading the contents of traffic.
When correctly implemented, TLS can provides a number of security benefits: This cheat sheet provides guidance on how to implement transport layer protection for an application using Transport Layer Security (TLS). Transport Layer Protection Cheat Sheet ¶ Introduction ¶ Use CAA Records to Restrict Which CAs can Issue CertificatesĬonsider the use of Extended Validation CertificatesĬonsider the use of Client-Side Certificates Use an Appropriate Certification Authority for the Application's User Base Use Strong Cryptographic Hashing AlgorithmsĬarefully Consider the use of Wildcard Certificates Insecure Direct Object Reference Prevention
0 kommentar(er)
